CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4993 – eap: HTTP header injection / response splitting
https://notcve.org/view.php?id=CVE-2016-4993
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en el servidor web Undertow en WildFly 10.0.0, tal como se utiliza en Red Hat JBoss Enterprise Application Platform (EAP) 7.x en versiones anteriores a 7.0.2, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. • http://rhn.redhat.com/errata/RHSA-2016-1838.html http://rhn.redhat.com/errata/RHSA-2016-1839.html http://rhn.redhat.com/errata/RHSA-2016-1840.html http://rhn.redhat.com/errata/RHSA-2016-1841.html http://www.securityfocus.com/bid/92894 http://www.securitytracker.com/id/1036758 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017: • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2012-4529 – Web: jsessionid exposed via encoded url when using cookie based session tracking
https://notcve.org/view.php?id=CVE-2012-4529
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log. El método org.apache.catalina.connector.Response.encodeURL en Red Hat JBoss Web 7.1.x y anteriores, cuando el modo de traceo está fijado a COOKIE, envia el parámetro jsessionid en la URL de la primera respuesta de una sesion, lo que permite a atacantes remotos obtener el id de sesion a treves de un ataque man-in-the-middle o leyendo un log • http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-0839.html http://rhn.redhat.com/errata/RHSA-2013-1437.html https://issues.jboss.org/browse/JBWEB-249 https://access.redhat.com/security/cve/CVE-2012-4529 https://bugzilla.redhat.com/show_bug.cgi?id=868202 •